Lackluster SSL configuration documentation


(Ruben Navarro Piris) #1

The section Configuring Stardog to use SSL lacks information and some of the included information and configuration options are confusing.

These are (imo) the main issues:

  1. There is no word on which port is configured as default (which as of version 5.2.2 is 5821).
  2. The stardog-admin tool states (with the help command): "--port <port> Specify the port the server will bind to." If only --enable-ssl is given, which port is configured? The HTTP or HTTPS one? What about when --require-ssl is given? 2 different parameters (--port and --ssl-port) should be used instead, as this provides full configuration flexibility and less documentation confusion.

(stephen) #2

Apologies for this, the documentation could indeed be clearer. The general rule is this: If --enable-ssl is used, the SSL port defaults to (HTTP Port + 1). If --require-ssl is used, then the SSL port is simply the default port.

Examples:

  1. Default is 5820, --enable-ssl -> SSL port is 5821
  2. Default is 5820, --require-ssl -> SSL port is 5820
  3. --port 8888 --enable-ssl -> SSL port is 8889

We can look into a separate CLI flag for specifying the SSL port explicitly.
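
The rule from reply #2, turned into a check that can be run against a server to confirm which port actually speaks TLS (an added example, not part of the original thread and not Stardog code). `ssl_port`, `probe` and `audit` are hypothetical helper names, and two things are assumptions: `--require-ssl` takes precedence when both flags are given, and under `--require-ssl` no probed port should answer in plaintext.

```python
import socket
import ssl


def ssl_port(port=5820, enable_ssl=False, require_ssl=False):
    """SSL port per the rule in reply #2; None when neither flag is set."""
    if require_ssl:          # assumption: --require-ssl wins if both flags are given
        return port
    if enable_ssl:
        return port + 1
    return None


def probe(host, port, timeout=3.0):
    """Return 'tls', 'plaintext' or 'closed' for host:port."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    # Trust checks are disabled on purpose: this only asks whether the
    # listener completes a TLS handshake, not whether its certificate is valid.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "tls"
    except OSError:          # ssl.SSLError and timeouts are OSError subclasses
        return "plaintext"
    finally:
        raw.close()


def audit(host, port=5820, enable_ssl=False, require_ssl=False):
    """Probe the base port and the port above it; list any surprises."""
    expected = ssl_port(port, enable_ssl, require_ssl)
    states = {p: probe(host, p) for p in sorted({port, port + 1})}
    findings = []
    if expected is not None and states[expected] != "tls":
        findings.append(f"port {expected} should speak TLS, found {states[expected]}")
    for p, state in states.items():
        if require_ssl and state == "plaintext":   # assumption: no plaintext allowed
            findings.append(f"port {p} answers in plaintext although --require-ssl is set")
    return states, findings


if __name__ == "__main__":
    # Assumed target: a local server started with --enable-ssl on the default port.
    print(audit("127.0.0.1", 5820, enable_ssl=True))
```

A listener that accepts the connection but never answers the handshake is reported as `plaintext` once the timeout expires.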


(Ruben Navarro Piris) #3

Hi Stephen!

Thank you for the clarification! No problem, I hope this information lands in the docu for the next release :wink:

I still don’t quite get why this unnecessary complexity. Both ports should just be configured separately with the enable-ssl and require-ssl flags just determining which ports are active (and the HTTPS port having a default value e.g. 5821).

Otherwise an intended change on the HTTP port forcefully leads to an unintended change in the HTTPS port (since it does not have a default value, but a calculated value). Also, a “standard” setup (e.g. 80/8080 for HTTP, 443/8443 for HTTPS) is not possible (at least without some system re-directing magic).

I would strongly recommend configuration properties to be as independent from each other as possible.

